Signature specification for encrypted packet streams
Methods, systems, and products are disclosed for specifying a signature for an encrypted packet stream. One method receives the encrypted stream of packets, and encryption obscures the contents of a packet. A signature for insertion into the stream of packets is specified, and the signature identifies a type of data encrypted within the stream of packets. The signature identifies the contents of the packet despite the encryption obscuring the contents.
Latest AT&T Patents:
- Determining and Using Elevation of a User Device
- DUAL SUBSCRIBER IDENTITY MODULE RADIO DEVICE AND SERVICE RECOVERY METHOD
- Predicting and Using Threat Levels for Cyber Threats Using Data From Public Data Sources
- MULTI-STAGE STATE MODEL FOR THE ADMINISTRATION OF PHYSICAL, LOGICAL, AND HYBRID RESOURCES
- Software-Defined Wide Area Network Self-Service for Service Assurance
A portion of the disclosure of this patent document and its figures contain material subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, but otherwise reserves all copyrights whatsoever.
CROSS-REFERENCE TO RELATED APPLICATIONSThis application relates to the commonly assigned and concurrently filed U.S. application No.: 10/944,229, entitled “Detection of Encrypted packet Streams”; Ser. No. 10/944,294, entitled “Detection of Encrypted PacketStreams”, entitled “Detection of Encrypted Packet Streams Using a Timer”, entitled “Detection of Encrypted Packet Streams Using Process Variation and/or Multiple Processes”; and Ser. No. 10/943,591, entitled “Detection of Encrypted Packet Streams Using Feedback Probing”. These commonly-assigned applications are all incorporated by reference.
BACKGROUNDThis application generally relates to communications and, more particularly, to detecting encrypted path finding or routing a message with an address header.
Encryption of communications is increasing. More and more people, businesses, and governments are encrypting their electronic communications. This encryption provides enhanced security and privacy for these electronic communications.
Encryption, however, is a problem for communications service providers. Communications service providers need to know the type of data contained within an electronic communication. Some data types receive priority processing, while other data types are queued for later processing. Encryption, however, hides the contents of the communication and often prevents a communications service provider from determining the level of required processing. Because the communications service provider cannot determine the level of required processing, the encrypted communication defaults to lesser priority and/or processing.
Internet telephony provides an example. Internet telephone calls should be processed to result in a real time, or nearly real time, conversation. If packets are lost, or if packets experience congestion, the quality of the call suffers. Internet telephone calls, then, should receive priority processing. When a communications service provider detects data representing an Internet telephone call, the service provider gives that data priority/special processing to reduce packet loss and to reduce latency effects. Encryption, however, hides the contents of the communication. Encryption prevents the communications service provider from determining whether priority and/or special processing is required. So, even though the communication is an Internet telephone call, encryption causes the communication to default to lesser priority and/or processing. The quality of the call may then suffer from packet loss and congestion.
There is, accordingly, a need in the art for improved determination of data types. When parties encrypt their communications, there is a need for determining the type of data contained inside the encrypted communication. There is also a need for identifying a particular kind of encrypted traffic in order to provide prioritized/specialized processing.
SUMMARYThe aforementioned problems, and other problems, are reduced, according to exemplary embodiments, using methods, computer systems, computer programs, and computer program products that detect the type of data contained within an encrypted stream of packets. According to exemplary embodiments, the existence of one or more parameters of the encrypted stream of packets is noted. The one or more parameters are observable, despite encryption obscuring the contents of the encrypted stream of packets. The observable parameters are then used to infer the type of data contained within the encrypted stream of packets. An inference is then made whether the encrypted stream of packets contains, for example, video data, picture data, text data, and/or or voice data. Because the type of data may be inferred, the encrypted stream of packets may be processed to achieve objectives and goals. That is, even though the contents of the packets are hidden by encryption, this invention can still identify the type of date contained within the packets. The inferred type of data may then be used to determine if additional processing is required.
The exemplary embodiments also specify a signature. Once the type of data is inferred, the exemplary embodiments then specify what signature should be used to identify the type of data encrypted within the stream of packets. The signature identifies the contents of a packet and/or the stream despite the encryption obscuring the contents. The signature may then be inserted into the stream of packets so that downstream processes can more easily identify the contents and apply content-specific processing. The signature may also be communicated to other communications devices for self-identifying, or marking, communications. The signature may utilize specific known values of one or more of the observable parameters to artificially provide those known values for subsequent detection.
According to exemplary embodiments, the encrypted stream of packets is received, and encryption obscures the contents of a packet. A signature for insertion into the stream of packets is specified, and the signature identifies a type of data encrypted within the stream of packets. The signature identifies the contents of the packet despite the encryption obscuring the contents.
According to other embodiments, a signature may be specified for an encrypted Voice Over Internet Protocol stream of packets. The encrypted stream of packets is received and an observable parameter is noted. The parameter is observable despite encryption obscuring the contents of the encrypted stream of packets. The observable parameter is compared to a threshold value or value range. The presence of Voice Over Internet Protocol data, or data associated with another application/service type or specific application/service or specific software/system, within the encrypted stream of packets is inferred from the observable parameter. A signature for insertion into the stream of packets is then specified, and the signature identifies the Voice Over Internet Protocol data, or data associated with another application/service type or specific application/service or specific software/system, encrypted within the stream of packets. The signature identifies the Voice Over Internet Protocol data, or data associated with another application/service type or specific application/service or specific software/system, despite the encryption obscuring the contents of the stream of packets.
The exemplary embodiments may be used for all types of data. The exemplary embodiments, for example, may be used to specify the presence of on-line gaming sessions, simulations, virtual reality, email, messaging, multimedia-conferencing, application-sharing, e-voting, group-ware & collaboration, and any sort or type of video data. The exemplary embodiments can be applied to any encrypted stream which still contains observable parameters having some correlation to the type of data and/or the type of application/service and/or the specific application/service. The concepts described herein can help not just the type of data or application being used and communicating within the encrypted stream, but the concepts can also help identify the actual vendor-make, model, and version of a software application being used (e.g., Vendor A may use different packet sizes than Vendor B, and version 3 from Vendor A uses different inter-packet timing than version 1 from Vendor A). Whenever an encrypted stream contains observable parameters, the exemplary embodiments described herein exploit any correlation to the observable parameters.
According to an embodiment, a system may include a communications module noting an observable parameter of an encrypted stream of packets. The parameter is observable despite encryption obscuring the contents of the encrypted stream of packets. The Communications Module compares the observable parameter to a threshold value or value range. The Communications Module infers Voice Over Internet Protocol data, or data associated with another application/service type or specific application/service or specific software/system, is contained within the encrypted stream of packets from the observable parameter. A signature for insertion into the encrypted stream of packets is then specified, and the signature identifies the Voice Over Internet Protocol data, or data associated with another application/service type or specific application/service or specific software/system, encrypted within the stream of packets. The signature identifies the Voice Over Internet Protocol data, or data associated with another application/service type or specific application/service or specific software/system, despite the encryption obscuring the contents of the stream of packets.
According to another of the embodiments, a computer program product may be used for specifying a signature for an encrypted Voice Over Internet Protocol stream of packets. This computer program product includes a communications module stored on a computer-readable medium. The communications module notes an observable parameter of an encrypted stream of packets. The parameter is observable despite encryption obscuring the contents of the encrypted stream of packets. The Communications Module compares the observable parameter to a threshold value or value range. The Communications Module infers Voice Over Internet Protocol data, or data associated with another application/service type or specific application/service or specific software/system, is contained within the encrypted stream of packets from the observable parameter. A signature for insertion into the encrypted stream of packets is then specified, and the signature identifies the Voice Over Internet Protocol data, or data associated with another application/service type or specific application/service or specific software/system, encrypted within the stream of packets. The signature identifies the Voice Over Internet Protocol data, or data associated with another application/service type or specific application/service or specific software/system, despite the encryption obscuring the contents of the stream of packets.
Other systems, methods, and/or computer program products according to embodiments will be or become apparent to one with skill in the art upon review of the following drawings and detailed description. It is intended that all such additional systems, methods, and/or computer program products be included within this description, be within the scope of the present invention, and be protected by the accompanying claims.
These and other features, aspects, and advantages of the embodiments of the present invention are better understood when the following Detailed Description is read with reference to the accompanying drawings, wherein:
Exemplary embodiments will now be described more fully hereinafter with reference to the accompanying drawings, in which exemplary embodiments are shown. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. These embodiments are provided so that this disclosure will be thorough and complete and will fully convey the scope of the invention to those of ordinary skill in the art. Moreover, all statements herein reciting embodiments of the invention, as well as specific examples thereof, are intended to encompass both structural and functional equivalents thereof. Additionally, it is intended that such equivalents include both currently known equivalents as well as equivalents developed in the future (i.e., any elements developed that perform the same function, regardless of structure).
Thus, for example, it will be appreciated by those of ordinary skill in the art that the diagrams, schematics, illustrations, and the like represent conceptual views or processes illustrating systems and methods embodying this invention. The functions of the various elements shown in the figures may be provided through the use of dedicated hardware as well as hardware capable of executing associated software. Similarly, any switches shown in the figures are conceptual only. Their function may be carried out through the operation of program logic, through dedicated logic, through the interaction of program control and dedicated logic, or even manually, the particular technique being selectable by the entity implementing this invention. Those of ordinary skill in the art further understand that the exemplary hardware, software, processes, methods, and/or operating systems described herein are for illustrative purposes and, thus, are not intended to be limited to any particular named manufacturer.
According to exemplary embodiments, a signature is specified for insertion into an encrypted stream of packets. The signature identifies the type of data encrypted within the stream of packets. The signature, for example, identifies the contents of a packet and/or the stream despite the encryption obscuring the contents. The signature may then be inserted into the stream of packets so that downstream processes can more easily identify the contents and apply content-specific processing. The signature may also be communicated to other communications devices for self-identifying, or marking, communications.
The communications device 98 receives the signature 22. When the communications module 20 specifies the signature 22, the communications module 20 communicates that signature to the communications device 98. When the communications device 44 receives the signature 22, the communications device 98 can then use the signature 22 to identify, or mark, further communications containing the same type of data. The communications module 20 thus instructs the communications device 98 to include the signature 22 with future communications having the same type of data. The communications module 20 thus instructs the communications device 98 to “self-identify” further packets and/or streams. The communications device 98 is instructed to self-identify the type of data contained within future packets and/or streams, all without compromising the privacy of the encrypted packets.
This invention may be applied to any signaling standard. As those of ordinary skill in the art recognize,
This invention may also be applied to any packet scheme. The exemplary embodiments mostly mention the Internet Protocol packet scheme, only because this scheme is perhaps most familiar. Those of ordinary skill in the art, however, recognize that this invention is equally applicable to any packet scheme. This invention, in fact, is independent of the packet scheme and, thus, may be applied to any packet schemes.
The communications module may be physically embodied on or in a computer-readable medium. This computer-readable medium may include CD-ROM, DVD, tape, cassette, floppy disk, memory card, and large-capacity disk (such as IOMEGA®, ZIP®, JAZZ®, and other large-capacity memory products (IOMEGA®, ZIP®, and JAZZ® are registered trademarks of Iomega Corporation, 1821 W. Iomega Way, Roy, Utah 84067, 801.332.1000, www.iomega.com). This computer-readable medium, or media, could be distributed to end-users, licensees, and assignees. These types of computer-readable media, and other types not mention here but considered within the scope of the present invention, allow the communications module to be easily disseminated. A computer program product for specifying a signature for an encrypted stream of packets includes the communications module stored on the computer-readable medium. The communications module notes an observable parameter of an encrypted stream of packets. The parameter is observable despite encryption obscuring the contents of the encrypted stream of packets. The Communications Module compares the observable parameter to a threshold value or value range. The Communications Module infers Voice Over Internet Protocol data, or data associated with another application/service type or specific application/service or specific software/system, is contained within the encrypted stream of packets from the observable parameter. A signature for insertion into the encrypted stream of packets is then specified, and the signature identifies the Voice Over Internet Protocol data, or data associated with another application/service type or specific application/service or specific software/system, encrypted within the stream of packets. The signature identifies the Voice Over Internet Protocol data, or data associated with another application/service type or specific application/service or specific software/system, despite the encryption obscuring the contents of the stream of packets.
The communications module may also be physically embodied on or in any addressable (e.g., HTTP, I.E.E.E. 802.11, Wireless Application Protocol (WAP)) wire line or wireless device capable of presenting an IP address. Examples could include a computer, a wireless personal digital assistant (PDA), an Internet Protocol mobile phone, or a wireless pager.
While the present invention has been described with respect to various features, aspects, and embodiments, those skilled and unskilled in the art will recognize the invention is not so limited. Other variations, modifications, and alternative embodiments may be made without departing from the spirit and scope of the present invention.
Claims
1. A method, comprising the steps of:
- receiving an encrypted stream of packets having the contents of a packet obscured by encryption; and
- specifying a signature for the stream of packets, the signature identifying a type of data encrypted within the stream of packets,
- wherein the signature identifies the contents of the packet despite the encryption obscuring the contents; and
- wherein the step of specifying the signature comprises at least one of i) specifying at least one packet for insertion into the stream of packets, the packet having a size that identifies the type of data encrypted within the stream of packets, and ii) specifying at least one packet for time-based insertion into the stream of packets, the packet having a size that identifies the type of data encrypted within the stream of packets.
2. A method according to claim 1, wherein the step of specifying the signature further comprises at least one of i) establishing a periodic timing interval between at least two encrypted packets, the timing interval identifying the type of data encrypted within the stream of packets, and ii) establishing a timing interval between at least two encrypted packets, the timing interval identifying the type of data encrypted within the stream of packets.
3. A method according to claim 1, further comprising the step of changing the signature.
4. A method according to claim 1, further comprising the step of communicating the signature to a communications device.
5. A method according to claim 1, further comprising the step of specifying a signature identifying Voice Over Internet Protocol data encrypted within the stream of packets,
- wherein the signature identifies the Voice Over Internet Protocol data despite the encryption obscuring the contents of the stream of packets.
6. A method, comprising the steps of:
- receiving an encrypted stream of packets having the contents of a packet obscured by encryption; and
- specifying a signature for the stream of packets. the signature identifying a type of data encrypted within the stream of packets,
- wherein the signature identifies the contents of the packet despite the encryption obscuring the contents; and
- wherein the step of specifying the signature comprises establishing a size for each packet in the stream of packets, the size for each packet identifying the type of data encrypted within the stream of packets.
7. A method, comprising the steps of:
- receiving an encrypted stream of packets having the contents of a packet obscured by encryption; and
- specifying a signature for the stream of packets, the signature identifying a type of data encrypted within the stream of packets,
- wherein the signature identifies the contents of the packet despite the encryption obscuring the contents; and
- wherein the step of specifying the signature comprises at least one of i) establishing a pattern of packet sizes, the pattern of packet sizes identifying the type of data encrypted within the stream of packets, and ii) establishing a pattern of timing intervals, the pattern of timing intervals identifying the type of data encrypted within the stream of packets.
8. A system, comprising:
- a communications module stored in a memory device, and a processor communicating with the memory device;
- the communications module receiving an encrypted stream of packets having the contents of a packet obscured by encryption; and the communications module specifying a signature for the stream of packets, the signature identifying a type of data encrypted within the stream of packets.
- wherein the signature identifies the contents of the packet despite the encryption obscuring the contents; and
- wherein the communications module specifics at least one of i) at least one packet for insertion into the stream of packets, the packet having a size that identifies the type of data encrypted within the stream of packets, and ii) at least one packet for time-based insertion into the stream of packets, the packet having a size that identifies the type of data encrypted within the stream of packets.
9. A system according to claim 8, wherein the communications module further establishes at least one of i) a periodic timing interval between at least two encrypted packets, the timing interval identifying the type of data encrypted within the stream of packets, and ii) a timing interval between at least two encrypted packets, the timing interval identifying the type of data encrypted within the stream of packets.
10. A system according to claim 8, wherein the communications module changes the signature.
11. A system according to claim 8, wherein the communications module communicates the signature to a communications device.
12. A system according to claim 8, wherein the communications module specifies a signature identifying Voice Over Internet Protocol data encrypted within the stream of packets, wherein the signature identifies the Voice Over Internet Protocol data despite the encryption obscuring the contents of the stream of packets.
13. A system, comprising:
- a communications module stored in a memory device, and a processor communicating with the memory device;
- the communications module receiving an encrypted stream of packets having the contents of a packet obscured by encryption; and the communications module specifying a signature for the stream of packets, the signature identifying a type of data encrypted within the stream of packets,
- wherein the signature identifies the contents of the packet despite the encryption obscuring the contents; and
- wherein the communications module establishes a size for each packet in the stream of packets, the size for each packet identifying the type of data encrypted within the stream of packets.
14. A system, comprising:
- a communications module stored in a memory device, and a processor communicating with the memory device;
- the communications module receiving an encrypted stream of packets having the contents of a packet obscured by encryption; and the communications module specifying a signature for the stream of packets, the signature identifying a type of data encrypted within the stream of packets,
- wherein the signature identifies the contents of the packet despite the encryption obscuring the contents; and
- wherein the communications module establishes at least one of i) a pattern of packet sizes, the pattern of packet sizes identifying the type of data encrypted within the stream of packets, and ii) a pattern of timing intervals, the pattern of timing intervals identifying the type of data encrypted within the stream of packets.
15. A computer program product comprising a computer readable medium including instructions for performing the steps:
- receiving an encrypted stream of packets having the contents of a packet obscured by encryption: and specifing a signature for the stream of packets, the signature identifying a type of data encrypted within the stream of packets,
- wherein the signature identifies the contents of the packet despite the encryption obscuring the contents; and
- wherein the step of specifying the signature comprises at least one of i) specifying at least one packet for insertion into the stream of packets, the packet having a size that identifies the type of data encrypted within the stream of packets, and ii) specifying at least one packet for time-based insertion into the stream of packets, the packet having a size that identifies the type of data encrypted within the stream of packets.
16. A computer program product according to claim 15, wherein the step of specifying the signature further comprises at least one of i) establishing a periodic timing interval between at least two encrypted packets, the timing interval identifying the type of data encrypted within the stream of packets, and ii) establishing a timing interval between at least two encrypted packets, the timing interval identifying the type of data encrypted within the stream of packets.
17. A computer program product according to claim 15, further performing the step of specifying a signature identifying Voice Over Internet Protocol data encrypted within the stream of packets,
- wherein the signature identifies the Voice Over Internet Protocol data despite the encryption obscuring the contents of the stream of packets.
6522658 | February 18, 2003 | Roccanova |
7216230 | May 8, 2007 | Suzuki et al. |
20020035639 | March 21, 2002 | Xu |
20020059170 | May 16, 2002 | Vange |
20030016770 | January 23, 2003 | Trans |
20030086411 | May 8, 2003 | Vassilovski |
20030086515 | May 8, 2003 | Trans |
20030235209 | December 25, 2003 | Garg |
20040071130 | April 15, 2004 | Doerr |
20040090937 | May 13, 2004 | Chaskar |
20040090943 | May 13, 2004 | daCosta |
20040090989 | May 13, 2004 | Kobayashi |
Type: Grant
Filed: Sep 17, 2004
Date of Patent: Nov 11, 2008
Patent Publication Number: 20060064746
Assignee: AT&T Intellectual Property L.P. (Reno, NV)
Inventors: Jeffrey A. Aaron (Atlanta, GA), Edgar Vaughan Shrum, Jr. (Smyrna, GA)
Primary Examiner: Matthew Smithers
Assistant Examiner: Paul Callahan
Attorney: Myers Bigel Sibley & Sajovec, P.A.
Application Number: 10/943,588
International Classification: H04L 9/00 (20060101);